 There's not a whole lot to it. I do talk about, you know, see who conversations. No, yeah, it might as well. Well, later on, Darren and I decided to include the jellyfish. I'm like, ah, crap, I wish I would have known that. I liked that one. I was like, I wanted to do something with Wendy's and the Wendy's. Well, you could have the jellyfish regurgitating with the twisted Wendy's food. I thought that'd be funny, but it's like, oh, that's like, wait, I don't know. So I kind of went on another direction. I feel bad for Wendy's, ever since the whole finger in the chili episode. Which everyone forgets until you bring it up. Finger in the chili. At least I had. I don't know this episode, but it's a well-described episode. Mike, you was a big finger in the ears. Yeah, someone found part of it. Well, there's also the Taco Bell thing. Oh, I thought you meant to check how hot the jellyfish was. No, no, no, someone found part of it. Oh, yeah, exactly. Tell your kids that's what it is. And we're starting the show off right. All right, that's right. Oh, and Len will do this. Let's try doing the thing that I mentioned last week. Oh, right, yeah, yeah, yeah. Where we'll do a quick, you know, like, what'd you draw in the show? And then we can talk about it more afterwards. Sure. Cool. Because it makes sense. The video people are the ones who are like, yeah, I want to look at it. Yeah, yeah, yeah. Yeah. We'll do this for you video people. That's right. To buy his prints. That's right. I will refuse to say anything until I sell one. Yeah. Go ahead, Len. Len's not talking. That's mean. Let's just Shopify. All right, let's get going. You ready, Darren? Yep, let's do it. Here we go. This is the Daily Tech News for Friday, July 8, 2016. I'm Tom Marry, joining me today. Darren Kitchin, host producer and founder of the online web series, Hack 5. Wow, that's so official. Oh, man, that sounds amazing. Yeah, you should be that person, which you are. I, what? No way. We're going to talk quite a bit about encryption. It's just in the news today. It's like the news decided, hey, Darren's on. Let's make sure we have lots of. I appreciate that about the news. And so if we want to influence the world more with better crypto, you just have to have me on more, Tom. I guess that's the solution. Len Peralta is here as he is most Fridays as well. To illustrate the show, how are you, Len? Doing well. Getting over some crud, but other than that, I'm doing fine. I promise my wife will be sending you your Cleveland Cavaliers victory prize. Oh, I'll be, I'll be, I'll be a Snapchattinger and ask over and over. Believe me, I'm persistent if nothing else. Our main discussion today is going to be about Facebook launching end-to-end encryption of a sort. But first, let's get to some other top stories. Microsoft is open sourcing Project Malmo. You may have heard this as Project Aix, AIX, they changed the name. Its platform uses Minecraft to improve AI problem solving. So basically they enable machine intelligence to play Minecraft in order to learn things. It will also have an overclocking feature to run the experiments faster than the normal Minecraft game speed. Platform has a mod for the Java version of Minecraft and then some code to help the AI agents be able to move around in the game, be able to sense what's going on in the game. Code runs on Windows, Linux or Mac OS and can be found at github.com slash Microsoft slash Malmo. That's M-A-L-M-O. Yeah, this is some really cool type of like AI research stuff where basically you let the bot try everything and then you just reward it when it does really well. And so then it just like learns better behaviors. And I don't know, I think that it's really cool to be using the Minecraft engine in such a way because it is such a just open world. And it's nice that there is kind of a standardized thing that anybody of your researcher of any sort can use this because it's open source. You just clone it on github. And then that means you can publish your stuff and have it more easily peer reviewed than having to build your own infrastructure every time. But damn it, Microsoft, you're doing a cool open source stuff again. Where is the Microsoft I know and love? They're putting the O in micro open source soft. Actually, I gave it some thought and I went down the rat hole and this is how far the rat hole led. I installed DOS box because as it turns out there is an Easter egg in QBasic because I wanted to go down like, I remember Microsoft. Actually, they were doing some awesome stuff. When I was a tween, I was teaching myself programming in QBasic. So why wouldn't tweens be teaching themselves AI development in Minecraft? How cool is that? I mean, the knee jerk reaction is to say, oh, so we'll get a lot of AIs that are really good at Minecraft. What use is that? And the thing to remember is you can create, if you don't play Minecraft, you may not realize this. I don't play Minecraft, but I've had enough people who do kind of keep me up to speed. You can create almost anything in Minecraft. People have created processors and of course you've seen millions of videos of roller coasters. So you can create things to challenge the AI and guide it and teach it certain things like object recognition or particular patterns. There's more to do in here than just crushing zombies. Yeah, you can build a self-driving car in it and then give it a cookie when it doesn't run over pedestrians. Right, or does run over zombies. It's funny you bring up QBasic. I was doing some advance work for later this month for Today in Tech History, which I posted at topmerit.com and the anniversary of Microsoft acquiring QDOS is coming up later this month. And I was like, oh right, that's why we had QBasic included in DOS because it was QDOS's basic. And it was much better than GWBasic. And just so that you know listeners at home, if you, when you open up QBasic.exe, you hold down Control Shift and Alt on both the left and right side of the keyboard, you'll get a fun Easter egg where you see all the developer's names. But you gotta hit that turbo button because you'll never make it in time if you're not running at 4.77 megahertz. 4.77 megahertz. Google announced it is switching the TLS encryption and a test portion of Chrome installations from using just elliptic curve cryptography to also, in other words, they're not getting rid of elliptic curve, but they're adding ring learning with error or ring LWE. In other words, they are testing a type of encryption that cannot be broken easily by quantum computers. Now this doesn't mean that it is never gonna be broken by quantum computers. That's the whole point of this is to test it out and say, okay, people with quantum computers come at this, people study it. Are there any weaknesses? Could this be the thing that preserves our connections when quantum computers finally become viable and widespread? Traditional encryption, like I said, is also used. The experimental connections therefore are at minimum as strong as all others, but they are forward and protected against quantum computers, possibly. The experiment is only enabled in Chrome Canary. That's the developer edition. So if you have regular Chrome, you're not going to get this. You can see if your installation of Chrome Canary has it by going into the security panel, look at the key exchange and see if you have one that starts CECPQ one. This is really cool. It's just awesome to see that while we're about to talk about Facebook looking to protect your messages today, Google is already working on the bigger problem of keeping messages secure tomorrow as quantum computers are a reality as they become more and more powerful, that there is this huge potential to completely obliterate public key cryptography as we know it today, and that's the stuff that's in TLS. That's the stuff that's making the little lock icon in the top left of your browser work so that you can do e-commerce and banking and all those other things. So it's really important that we get out in front of this. And so because even stuff that's captured today could be cracked tomorrow with these sorts of things. And we do a lot now in terms of perfect forward secrecy for example where we rotate keys and such so that, oh okay, well you might be able to store a ton of data, but every message is going to take the same level of crypto. It's not like you're gonna break one encryption key and get all of the messages. So, but quantum computers just make it so easy to break all of them so quickly that it's really interesting to see Google doing this and wrapping today's crypto around this understanding that, hey this might not even be, this hasn't been peer reviewed by a billion people, it's not the standards of today. So wrapping the standards of today and the potential standards of tomorrow. So you have that double layer of security so that even if it isn't actually any good, it's okay because you still fall back on today's stuff. And yeah, it's just interesting also that they're gonna discontinue it in two years because they don't want it to become a de facto standard. Right, what they're saying is we wanna take what we learn from this and hopefully replace it with something much better. But at least we have these two years to learn from it and if it does work, it provides a little measure of forward security. Yeah, and what I also found interesting looking into this some more is that this mainly is an issue with public key cryptography and it's not so much with symmetric cryptography which is, so if you're doing like single file encryption and things of that nature, it's not as easy. So yeah, it's just cool stuff, great new world. If all of this is going over your head, think of it this way. Whenever you hear about MySpace database from five years ago or LinkedIn database from a few years ago being sold on the internet because someone cracked it, remember a couple of things. One is the encryption that we used five years ago is easier to crack today than it was five years ago. And quantum computers are going to make that a much bigger leap should they become viable. There's still some debate about whether they will but it is possible, it's very possible. And so when they do, suddenly it's not gonna be like, oh, that encryption from five years ago is a little easier to crack. It's gonna be all the encryption ever up to a certain point is now easily cracked. So you want to be working on this now and that's why this is so exciting. Google announced Thursday it has acquired Envato, a video platform that does cloud editing of video, does on-demand video and live streaming. Their clients include NBC, CBS, Fox, Univision. If you've used some of their TV anywhere apps, say on an Apple TV or Roku to access video, the backend is provided by Envato. But they also, like I said, they do live video editing in the cloud so that you don't have to store all the files locally. So they're more than just BAM. BAM is also known as Major League Baseball Advanced Media because it's owned by the baseball team still. BAM is mostly about video streaming. They do a little bit of this stuff too. They're not direct competitors. This is more a competitor for say, Amazon or Microsoft Azure. And this is Google saying we are now providing the backend for major networks in an area that is only going to get bigger as more of these over-the-top video services are made. Well, what's exciting here is that you look at who the audience is for these types of things. And you've got the Major League Baseball, kind of like NFL, those kinds of customers that are interested in these sorts of technologies. And Google have an offering. I just know that that's the kind of thing that'll trickle down to something that you and I are using like right now, hangouts on air. So I'm just excited that perhaps we get some of that love. Yeah, there's also a lot of credible rumors that YouTube will launch its own over-the-top video service. There were some rumors out about that today. Some of them saying that they'll not only have major networks like CBS and NBC, but they'll also have YouTube-fed channels of linear programming. And if Google owns this company now, that not only makes that service a little easier to provide because you have an in-house live streamer, but it also gives you leverage. One of the biggest things with cable companies in creating deals with the networks was leverage. Part of the leverage is given to cable companies by law. There is the Telecommunications Act that says you have to negotiate with cable companies. Cable, or broadcasters don't have to negotiate with online companies, at least not yet. The FCC is looking into changing that. But if you are Google and you're like, hey, wanna break on that live video contract with Envato? Maybe help us out with our little YouTube access over the top product, that would be great. Now suddenly you have leverage. That's really interesting. Also full disclosure, my friend's wife works at YouTube. Yeah, I'm the friend, my wife works there. She works as a production manager at YouTube Space LA, which I guess tangentially could touch on this, but it's not really, like she wouldn't have any insight knowledge. Research conducted by teams from the Department of Electrical and Computing Engineering at the Stevens Institute of Technology, along with another team from Binghamton University at New York State, have determined how a motion sensor data in SmartWatch could be used to deduce your pin. The algorithm was tested on 5,000 key entry traces that they made off of 20 adults using one of three different wearables. There were two watches and one sort of mimicking a Fitbit type device that they were collecting. They were able to have their algorithm guess the pin with 80% accuracy on the first attempt and rising to 90% accuracy after three tries. An exploit would need to either capture the packets from Bluetooth as it's communicating between the watch and the phone, for instance, or by malware on the phone or on the watch that could capture it locally. It could be foiled by either using another hand, you don't have your watch on this hand, the watch isn't gonna capture anything, or introducing random movements. So if you see people at the ATM and they're putting in a number and then waving their hand around, they're trying to mitigate this exploit, which by the way, isn't in the wild yet, it's a research exploit. Yeah, and you know what? Also keep in mind, we do not have any nose wearables at the moment. So if you wanna type your pin code in with your nose, that would probably be secure. Unless you have a connected nose ring, you should be safe. Whoa, I want the Bluetooth variety of that. I love the research of this. It makes me feel very much like I feel when I read all of this air gap exfiltration research where it's like, we've found an esoteric way to get data out of a computer from across the room at like 900 bod, or like nine bod. But anyway, I just, I love it in concept, but I don't like the kind of recommendations of introducing noise into the signal of data from these sensors, because it feels like having the connection, the Bluetooth connection introduce a little extra noise to foil. No, actually, one of the recommendations is to have the sensors like actually get some noise as far as like the movements, because then you reduce the usefulness of those sensors. And a lot of times those sensors are being done to really, you know, for really cool stuff with fitness and whatever other tracking. I feel like this is more of like, okay, well, do we mitigate this with human behavior changes, or do we add like a pin code mode where it disables those sensors? I love all of this little stuff. You really have to like, you know, take it with a bit of a grain of salt and like kind of like ask yourself, like, what threat actor am I really protecting myself from? But I'll give you an example, right before we went live, you're like, okay, are we ready to take the hangout live? And I'm like, yes, as I finished typing in my NickServe password, because I'm thinking about the research from years ago where they're like, you know, just audibly we can tell what you're typing based on the sound of the keystrokes. And I'm like, well, I don't want somebody, you know, checking the YouTube video. Well, yeah, I agree. Mechanical noise being included is something you want to consider if this becomes used, if they're like, yeah, people are definitely using this, but you not only have to have someone exploiting it in the wild, you have to have someone also figuring out how to get your account number, right? You have to connect the card with the pin. Just having the pin doesn't help you all that much. That's not impossible to have, but it's a little more complex than that. And I think the easiest mitigation is you don't use the hand with the watch on it if this became a common thing. And that's that. There you go. Yeah. Wendy's continues its investigation of malware that infected its point of sale systems, AKA what used to be called cash registers. If you remember, they had originally estimated 300, then in May, they said, it's more than that. It's quite a bit more than that, but we're still looking. Now they're saying that the malware has affected 1,025 of their locations. They have more than 5,000 locations, so it's about 20%. Wendy's has put up a webpage where you can check to see if the location you might frequent has been affected. So if you've been using your credit card at a Wendy's, you might want to go to this page. It's at payment.wendys.com slash paymentcardcheck.html. Why? You know what? I just want to try payment.wendys.com because if they don't have a mask URL for that, no, if you go to payment.wendys.com, it just says success, which is not true, Wendy's. It's not success. So anyway, payment.wendys.com slash paymentcardcheck. But that will give you a dropdown menus to say, okay, I go to this Wendy's at this location and it will tell you whether it is one that is affected or not. If it is affected, you can get Wendy's to pay for some credit monitoring for you. And you know what? Here's the thing, you read this announcement and it is just the most sad boilerplate we got hacked and boilerplate FAQ of like, oh, well, we'll give you some free credit monitoring and here's how to protect your identity. And it's all just so sad that both, okay, a couple of things are sad. First of all, they're always like, oh, this is like such a sophisticated cyber attack and no, it's not. I've got friends that are pen testers that will tell me in great detail how POS systems live up to their name. And on the other hand, it's just sad that we're still in such a society with symmetric keys that are the kind of the digits on my credit card and not implementing any sort of like PKI, any sort of like public key type cryptography with my money that the only thing separating from me from my bank account is a couple of digits on a card. It's mind boggling that we still have that and that the solution is like, oh, we'll give you a year of credit monitoring. It's frustrating to say the least. I mean, okay, besides secure your stuff from the beginning better, what do you think they should do in addition to what they're doing right now? You know, get a better, just like audit themselves more. Get a better POS system. Promise that, you know, we are going to double down. And they are, they're not just doing it very specifically. I think I would like to hear more specifically. Are you asking whether they can use base or not get hacked? Yeah, well, they're saying we are, we are going to secure these terminals and we've updated them and patched them, et cetera. I, for one, would like more details before I go eat another Wendy's restaurant. I mean, they're kind of like at the whim of the vendor, right? So, and this is the other thing is the majority of times that these happens, like the company, whether it's Target or Home Depot, when these things happen, it's they're not the ones operating these point of sale systems. They are managed by a third party that you never hear about. A POS party, you might say. You might say indeed. Researchers from Harvard University have developed a robot made of silicone with a skeleton made of gold wire covered in genetically engineered rat heart cells that have been infused with photosensitive algae DNA so that they can swim like a stingray and follow a light source, allowing them to be remotely controlled. It cannot survive outside the lab at this point. Oh my God. Dude, I can't wait to see the tweets using the God creating this animal meme. How fantastic. Yeah, so I'll give it some biomimicry. Like what? This is amazing. Well, I... And the thing is like, you could come up with all kinds of reasons like, oh, we need better underwater robots because so this would be more efficient. It might be stealthier, et cetera. But they're not really doing this for a particular purpose. This is definitely pure research. I love that's the best reason to do anything. It is pure hacking in its most creative and beautiful form. And I say, bring on the BioBots. I love it. Couple this with biomimicry, which is where robots emulate animalistic behaviors. And you have a beautiful platform for clandestine operations of all sorts. So there will be the future where we're like, is that a pigeon? Or is that an assay spot? Do androids dream of electric sheep? Oh no. My sheep needs repair. I just say, bring on the skin jobs. So say we all. I heard one of the researchers speaking on BBC World Service yesterday afternoon. That's where I first heard about this story. And I wish I had written down the quote because I don't know if I'm saying it exactly word for word, but it was pretty close to this. He said, so I had the idea of what if we just take apart a rat and rebuild it like a jellyfish? That's the guy created tweaking. Yes, yes. And that was like, okay, I need to go look this up right now. I'm in the middle of making a salad. And I'm like, I'm stopping this. I am going to go figure out this. And of course I immediately emailed Anthony Carboni and Jeff Kanata at We Have Concerts because we definitely want to hear their perspective on this. But yeah, you can check it out. Technologyreview.com probably has the best write up of this. There is also one at Popular Science. And I believe it's actually a journal article in science if you want to go straight to the source. But some of them are missing little bits and pieces and of course focusing on the more ridiculous parts of this, which are also true. Like it's a skeleton made of gold. It's just, yeah. No, this is built for headline writers. Thanks to all those who participate in our subreddit. You too can be submitting stories and voting on them. It helps us make a better show. Go to dailytechnewshow.reddit.com. Join, Tibmeister, SP Sheridan, 313C7, TM204, Abituele Kondolse and more at dailytechnewshow.com. And that's a look at the top stories. All right, Facebook announced secret conversations Friday. That's the name of this new feature that's inside Messenger. It uses end-to-end encryption. What your Facebook Messenger does now does encrypt your messages, but not end-to-end. So Facebook could see them and they want to see them so they can do things like plug-in chatbots and process payments and stuff like that. However, if you're like, no, I don't want anyone to see this. Facebook will now allow you to use secret conversations and angered encryption with messages stored only on your device. So you can only have a conversation from one device. This eliminates the ability to do cross-platform. You start the conversation on your phone. You're gonna have to keep going on your phone because the keys are not shared across your devices and they're not shared with Facebook either. You can set the messages to disappear after a time period between five seconds and 24 hours. Users must turn on the secret chat option and keep that in mind. Facebook will start rolling out the option to a test group and they intend to have it available to everyone by the end of summer. It happened. We called this and it's beautiful and I am so thankful, Snowden, you made it happen. We talked about this as soon as the original story broke and we said, this is going to usher in a new era where suddenly talking about whether or not something is encrypted is not relegated to just some hackers. It's part of the mainstream conversation and it is happening now. This is so exciting. Yeah, Viber, Telegram, Signal, now WhatsApp, now Facebook. You are seeing end-to-end encryption happening everywhere. The criticism of this could be, well, what kind of encryption are they using? Well, they're using Signal protocol from OpenWhisper Systems. There's a post from Moxie Myrland Spike today talking about it saying, you know, it's ultimately a reasonably done approach. It's not perfect. We'd like them to have end-to-end encryption features available everywhere. But it's there and it's done well where it's available. Do you have a problem with them making it opt in and saying, well, all your messages are not going to be end-to-end encrypted. They'll only be encrypted on the wire for now unless you opt in, then they can be end-to-end encrypted. Some people say, why not just end-to-end encrypted all the time? I don't have a problem with this. I feel like, you know, it's a good, it's a step in the right direction and I hope that it is indicative of more steps to come. And, you know, like Signal itself, the protocol is really good. It provides confidentiality. It's got that integrity checking. It's got the authenticity. It's got that forward secrecy that we were talking about previously. So if one message gets cracked, that they're not going to get them all. And it's been praised by Snowden for good reason. I feel like this is hopefully indicative of a, in fact, I kind of want to, I kind of want to brainstorm here as far as I was looking at one of the features in particular of this messaging service and the potential for Facebook to truly become that platform that is, okay, imagine this expanding on to, instead of just messaging, right? So just let's start with something simple. Facebook, amazing platform for sharing baby photos, right? Facebook doesn't necessarily need to see the content of your baby photo to monetize you in any sort of way. So interestingly, in this secret messaging system, I can send you an image and it is encrypted using the same technology that is used to encrypt the message. It's stored on Facebook server, but Facebook can't see it because they don't have the crypto keys, only you and I can. So it's stored in an encrypted form. Yes. So Facebook can't even tell it's an image. Right, so as opposed to the messages which Facebook does not hold, only the two ends of the encryption, encrypted communications hold. In this case, they are the third party holding on to some, in this case, images for us, but only we can see it. Now keep that in mind and also understand that Signal the Protocol supports group messaging, right? You know where I have groups on Facebook? I have friends, I have acquaintances. So imagine that instead of just a secret conversation, all of these fundamental pieces of the foundation of the technology are here now so that there could potentially be a future where I want to post a baby photo to Facebook and it doesn't necessarily need to see it to monetize it and I only wanna share it with these certain people so why don't I just share it with those people? It gets saved encrypted and they can see it and that in of itself is the whole philosophy behind the idea of a social network, a internet company offering you a service where they are facilitating something for you and your friends, but they don't know what they're facilitating which means that when they are asked to provide something to the government through a secret court order or something of that nature that they literally cannot comply and there's something beautiful about that and it's what I've been hoping for for a long time. So this is the first time I've seen Facebook take a step in that direction. There's a few other interesting things going here. Now we noted that at this point they only allow you to use it on one device. That is something that they might be able to work around and stay and then encrypt it on. We'll see. They say you can't do things like gifts or videos or payments because those services require you to go out into Facebook servers to get the gifts but as Darren pointed out, you can put your own attachment on this. So this just means you can't use the GIF button in the keyboard that comes with Messenger. It doesn't mean you couldn't put a GIF in there. You just have to find it yourself and attach it yourself. The other thing that they did enable that nobody's talking about it but it's there in the white paper is stickers. So you could still use the Facebook Messenger stickers. I was using this. It's slightly leaky I suppose because Facebook can tell the first time you use a sticker if you didn't have it locally cached they can be like, oh I've had a count downloaded that sticker. That's a very small amount of information and after that they'll never know whether you used it or not. Great, so what you're telling me is that you and I could have a conversation where the NSA is like, we have no idea what they're talking about but it has something to do with a panda and a beach ball. Yes, exactly. They definitely downloaded panda and then he responded by downloading beach ball. We don't know whether they use them or how often. So I mean, if you're like definitely trust no one you may not want to use the stickers because of that or you want to make sure you cash them by using them in an unencrypted conversation first or something like that. But that's pretty tight and there we have found a way to say like here is something you can use. There also is abuse reporting allowed. They went the extra mile to work this in. They not only allow you to report abuse but it reports it without any revelation of what the text of the communications is unless you as the reporting person tell them what it is and they use a system called franking to verify that you are in fact the person that was involved in the conversation that the conversation stays confidential and that third parties can't tell what's happening with this abuse report. There's third party deniability. And that's the beautiful thing about the signal protocol. It is robust enough to enable these sorts of features and it's such that no man in the middle could use its position in the network to fake messages to make them look like they're from you. There's authenticity checks to weed that out and I don't know this is just a really well designed system and it's the same reason why we've seen it implemented now by WhatsApp and several other major platforms adopting this. It's really interesting to see this becoming a standard much like PGP was a standard and actually you would even mentioned it when we were discussing this in Slack you're like oh well you know it leaks some metadata like for instance when you're, you know if the message has been read and where the person's you know eyeballs are in the conversation as far as what they have seen. But that's no more so than the metadata that's already leaked if I send you an encrypted email using PGP. So. Right. You can tell that this message was sent and you can tell what IP addresses were involved but that's it. Well the big difference here is I can, you know I can't get grandma to send me a PGP email but she's on Facebook. Yeah. And if I just say hey click that secret button she can do that and that's amazing. I would like to see and this you know some people are criticizing them for not having to end on all the time. I do understand why that might not be the best user situation for people like your grandma or people like other people's children who are like I just don't wanna mess with that sort of thing right now. That's one thing. I would like them to make it so that you could say always have end to end encryption on unless I turn it off. Give me the reverse option as well at least down the line. Well you know it's baby steps but this is a massive, massive leap and so the rest of it the foundation after this is there for them to implement so much more using this protocol so I love it. We've got a pick of the day from Bill that has to do with security on your computer. Bill says I've been using a fingerprint reader the Icon Mini fingerprint reader it's spelled E-I-K-O-N for Microsoft Windows for nearly two weeks on my Windows 10 desktop. Works well with the Win 10 Hello feature and has always worked on the first scan at least for Bill it has. I use double-sided tape to attach it and a USB extension to the edge of my monitor. I have my system to look after five minutes of idle unless a video is playing so you can just swipe and get right back in. Paul Therot mentioned it on Windows Weekly in an earlier episode that's where Bill heard about it so he's passing it along to you we'll have a link to the Amazon page for it in our show notes at dailytechnewshow.com but there you go many fingerprint reader to add to your desktop or laptop. Yeah it's good stuff I've been playing with the Windows Hello stuff on the surface tablet and it works pretty well. What the only thing I don't like about it is that and this isn't a huge criticism but it says if it doesn't work put a pin in that you can use. And so you're basically falling back to a password at that point so make sure you pick a secure pin to back up your Windows Hello with. Yep one two one two. That would not be a good example. Send your picks to feedback at dailytechnewshow.com you can find more picks at dailytechnewshow.com slash picks good messages today. Gary the senior geek you might used to know him as Land Gary wrote in and said I thought you might wanna hear from someone 20 years in the future. As a listener who is approaching the early stages of late youth I was interested in your discussion of how different generations get their news. I still read the Los Angeles Times every day on my iPad. I've never been one to write to the newspaper but now that I can send a response to an op-ed piece by touching a link at the end of an article I'm writing in all the time. I also get breaking news from Twitter and Facebook plus the morning stream dailytechnewshow and other podcasts. Given the confirmation bias at our house we tend to watch Rachel Maddow and the daily and nightly shows instead of network news or 24 hour news channel but I'm 66 for the next five days and I suspect I'm a little atypical for my age. Nice. Yeah so there you go there's an example of somebody still reading print but not reading newspapers reading it online regarding our Pew internet study from yesterday. Jermaine from SeesawingTemp's Champagne Illinois I says I think the question of having a real game control on a touchscreen display may be a chance to reaffirm the link between technologies being used by first persons with disabilities and then in some cases being adapted by the tech community at large. He says text to speech was mainstreamed as a way to allow blind and visually impaired persons to access computers. He points out there are braille displays being developed as screens that create tactile dots for a blind person to be able to read on a portable device and as they get cheaper he says I envision they'll be used in many different ways and one of them could be to help solve the touchscreen gaming conundrum. Imagine within five years you might have an iPhone nine gaming edition which creates clear tactile buttons on the screen for use during gameplay. Hey why not? We could all benefit from that. Have you seen those demos of the screen that will bubble up and create like a tactile feedback? They're pretty cool. No I haven't and I feel like that's something that I would really have to like have in my hands to get a sense of. And Dustin the nuclear IT architect. So this is a job that demands that he be very good at it I would imagine. Writes in with a way of securing internet of things at home. He has three wireless networks. They're all V-Land and segregated. One for his family, one for guests and one for internet of things. He says the internet of things network is secured with a long password. It's speed limited and restricted via my firewall what services are allowed to reach on the internet. The devices are restricted from contacting each other and there was no UPNP. See meaning there shouldn't be the possibility of any incoming connections I didn't set up manually. And he describes a little more about it. It will have full email in the show notes but I thought that was a, it's a fairly simple trick to secure your internet of things. It doesn't really secure the internet of things but it creates an environment where any vulnerabilities in the internet of things shouldn't affect too many other things. Right I mean what it's doing is saying like I don't trust these so I don't want them on the same network as the other good stuff which is a good practice. It's unfortunate that you still in this day and age see companies with guest Wi-Fi networks that are connected to the same network that has the active directory server. Oops. Anyway. Don't do that companies. Take it from Justin, the nuclear IT architect and Justin or Darren. You're not Justin. Why would I call you Justin? Now I'm getting old. They know what they're talking about. Listen to them. Well that is it for this episode of Daily Tech News Show. Thank you Justin. Yes absolutely it's great to be here Tom. Listen I was wondering do you use a VPN to protect your traffic when you're out and about? I do in fact. What kind do you use like a paid service or do you roll your own? I do not roll my own. Oh well rolling your own it turns out. I use the paid service from OpenVPN private tunnel. Oh fantastic. Well how about, so you already familiar then with the fact that OpenVPN clients can be installed on Windows Mac, Linux, Android, iOS all of that very easily. Well guess what it turns out, setting up your own server is super super simple and we demonstrate just how to do that on the last few weeks episodes of Hack 5. You can find the episodes over at HAK5.org. We have a two-parter on the super super simple way to do it and then we have another hour long one if you wanna dive deep into the command prompt and start getting your config files and your certificate authority generating on. You can do it that way too and we've got tutorials all about it. HAK5.org. All right that is something I actually would like to do. Like that is definitely something I'm going to take advantage of. So go check it out, HAK5.org. Of course Len Peralta has been busy illustrating the show. What do you got Len? Yeah, you know I said before we started that I wasn't gonna reach real high with this one. And you know it's you know, given the kind of week that this that we've had I felt it might be easier just to do something a little bit sort of low brown sort of fun. So I did a what Facebook secret conversations obviously very very cool encryption program. I have a feeling that it'll be used ultimately for little kids giggling about sending the word but over and over to one another. So get ready for encrypted conversations about butts people because that's what it's gonna come down to. You know I imagine that the percentage of traffic is probably going to be fairly high that it follows that word you're not worth it. I just want to say for the record that I like encrypted butts and I will not lie. The other brothers won't deny either. Yeah I did move, I did work in Wendy's butt sauce and rat butts into this as well. Look at that, it's very topical. Thank you Len, go check it out folks. LenPeraltaStore.com and support Len's creation of that art. If you want to support us you can find us at dailytechnewshow.com slash support. You can support the show in many ways. You can just review us on iTunes. That's the easiest and cheapest way if you don't have a lot of money. If you wanna support us at a dollar a month that helps keep us going, you can do it on PayPal or if you do it on Patreon, patreon.com slash DTNS you can get some perks for that. If you just want the headlines of the show subscribe to our new show Daily Tech Headlines get the tech news of the day in less than 10 minutes at dailytechnewshow.com slash subscribe or search Daily Tech Headlines in your podcast app. Our email address is feedback at dailytechnewshow.com you can give us call 593-2459 that's 512-593-2459 catch the show live Monday through Friday, 4.30 p.m. Eastern at alphageekradio.com and diamondclub.tv and visit our website dailytechnewshow.com back on Monday with Michael Wolfe talking to Veronica Belmont and I about food tech. This show is part of the Frog Pants Network. Get more at frogpants.com. I hope you have enjoyed this program. Battles vote on titles people. Fantastic, man, I love the encrypted butts. You know, I'm glad to hear that, you know. Partway through this I thought, you know, is this, is this what my life has come to? What's beautiful is, you know how, you know, as we learned through the Snowden leaks in the person program things of that nature that the NSA catalogs any encrypted email that's sent internationally just so they can crack it later. We're talking about Crip with quantum computing. So here's the thing, the volume of encrypted email rather low considering the fact that it's very difficult to set up and it's hard to do. This is something super easy to do, which now means that the NSA has to buy a whole lot of new hard drives so that quantum computing becomes a thing in a decade they can de-encrypt your butt. This whole, this guy talked about was butts. What's this all about? There's a waste of time. We can talk more about butts. I'm gonna just pick signed, entangled, encrypted. I'm yours. Oh, that's good. Wait, signed, entangled, encrypted. Oh, that's nice. Yeah. That's a good one. I like it. So yeah, is that, is that person in your... I must also say that let's take apart a rat and rebuild it as jellyfish, also a good title. I mean, yeah, I'm not gonna deny that that is also an amazing title. What about POS systems live up to their name? That can be used any time a POS story comes up. True, true. Let's hold that one reserved. That's a good answer. Grandma's secret was 30 years ago, or was it 60 years ago? So, I was gonna ask you, is the person in your art today modeled on anyone we know? No, actually, you know what? I've always been a big fan of the Farside and the Farside. Very, very, very fond of it. Yeah, you know, I always loved his kids were always sort of a little bit fat and had like this curly hair at the top. So, you know, this is one of those moments where I just started just drawing the character. I kind of had it in my mind and I knew what I wanted them to look like with these huge glasses. I wanted to kind of get the idea across that it was just... Oh, I totally see that now, yeah. Yeah, with just some little kid just messing around. And then, you know, essentially, I mean, that's the reality of it, right? I mean, you know, Facebook encryption and secret conversations and things like that. Of course, there'll be some, you know, there might be maybe some pretty high level sort of secrecy, you know, things going on at that level. But really, when it comes right down to it, a lot of people sending, you know, little conversations about butts. I wanted to come up with something that was just really base, base level. Take our mind off the world. Yeah, exactly. I didn't want to think too hard. Giggle about some butts. And then another one of those things where it was sort of like, you know, because I do these in real time, it's you really, you have to commit and it's too late. By the time the show starts, it's already too late to restart. So I got to, you just got to work with what you got. Hopefully, you know, hopefully they're good. And, you know, I thought a sausage is made, people. Do you think this might work in reverse? Kind of like, obviously, Tom, whenever you have me on, we're going to have amazing breakthroughs in the industry adopting encryption. Do you think if we just get Len to start doing some boilerplate, you know, half illustrations ready to go that we could maybe influence the tech world? That would be great. Yeah, I'd like to see your mock-ups of the iPhone 8. Oh, wow. Well, I have some ideas. I don't know what this idea is. I have some ideas. They should have come to me first, is what I'm saying. Yeah, maybe sometimes you can make it, your illustration is of, this is the news for next year on this day. Right. Yeah, like there's a big announcement and I will predict. I can let you guys in on it. This is what the next iPhone's going to look like. This is, yeah, this is the future, people. I am calling it, I am the Karnak of tech. Ooh, someone else who references Karnak. In the, in the, in the, Johnny Carson. Oh, no, it's, it's the thing that, oh man. Yes, I know, yeah, Karnak is, I love Karnak. Dynashore backing into a meat thermometer. Oh my, Dynashore backing into a meat thermometer. How did we miss leaky stickers? That's a good one. Just wanted to give a shout out to that one. It's not too late. Another Jay Martin. No, I just, I just want it to get some props. Another Jay Martin, these stickers. Wow, it's already up on Twitter. If you want to see lens art, you're fast. Oh, he's so quick. I think, are you drawing right into Shopify? Yeah, yeah. No, actually it's, you know, like part of, part of what I do is, you know, there's usually like the last five minutes when I finish, I just do a real quick screenshot and put it up there and everything's set up and ready to go, so. Yes, it's super hot here, by the way. I'm heading to lennproaltestore.com. Do you have water slides in your area? We do have water slides, not the really big ones. There's one in, there's one in the city next door that they have a, well, actually, no, our city has a big, huge pool with water slides and stuff like that. But yeah, it's up to the 90s anyway, it's hot, hot. So have you, did you guys talk about Pokemon Go on the show? We talked about it on launch day, yeah. And I played it on Thursday night when I finally got in, but I haven't been able to find a Pokemon near me. And I haven't felt like going out, like they're all at least two or three blocks away. I'm like, I don't wanna go that far. Maybe when I walk the dogs, I should take it out. Right, I might go walking the sea tonight. I haven't, you know, that's the thing though, it's like people are gonna be looking down at their phones, someone's gonna fall off. Well, you heard about Darwin, Australia, right? We mentioned that on the show. No, I did not. The police department posted on Facebook, A, you don't need to come into the police station to catch, to find your Pokeballs, and B, if you're going across the street, don't look at your phone, it's not safe. Yeah, right, right. So this is basically Ingress all over again. Well, it's Niantic, it made the app. So yeah, they're actually using Ingress points. Are you kidding? In Pokemon Go. That's weird. I saw one, there was a sign on a DQ, said Pokemons are for paying customers only. So like if you want to go in to get the Pokemon, you gotta buy something at DQ. You have to buy a cone, small cone, at least. Hey, I can't blame them, you know what I mean? Like, you don't want people walking around your store and just leaving? Yeah, like this. Right, exactly. Yeah, I was able to capture one in the lift that I took to Trivia Night. The first night. Oh, neat. Yeah, it was perched on the side of the car, which I found really cool. Oh, that's cool. You know, because we're like, I'm whizzing along and I'm seeing them all go past me because we're on the freeway. I'm like, well, I'm never gonna get those. And then there was one in the car somehow. Oh, that's pretty cool. Yeah. I gotta try it out. I have not left my house in over 24 hours, so I best go outside to try it. I'm assuming you've showered, though. I have, yes. Before you go outside, that's cool. I just haven't been outside to do anything. Too hot to go outside. Yeah, that, or, you know, get there. That's not hot, that. Oh, stop. Pretty hot. Hey, man, thank you, Karnak. Karnak just followed me on Twitter. What? Nice. I made a reference and he followed me. How weird is that? Who is following Roger Chang and Len Perl? That is weird. Wild stuff. Wild stuff. Yeah, which one of us wants to be? It's really hard to do that laugh. And he was a big guy, so he had the lungs to really get that low, ah-ha-ha-ha-ha-ha. Johnny. Oh, we're old. All right, I got a little bit of paperwork to do and then I am out of here. All right, man, have a good weekend. Thanks again. All right, thank you guys, everybody. Good seeing you, have a great weekend. Take care, bye-bye. Take care, bye-bye. Bye. Hey, before you take off, Darin. Yes, are we still live? It's time for Roger's calendar. Yeah. We are still live. Okay. We're gonna make us not live. Yeah, let's do this, not live. Okay. One sec, I wanna finish pressing the upload button and then, all right. Thanks everybody for watching. We'll see you next time. Goodbye.